WordPress.org

Make WordPress Core

Opened 16 months ago

Closed 16 months ago

Last modified 16 months ago

#45011 closed defect (bug) (duplicate)

Add source to $allowedposttags

Reported by: 1000camels Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.1
Component: Media Keywords:
Focuses: Cc:
PR Number:

Description (last modified by SergeyBiryukov)

The source element, which is needed for audio, video and picture elements, is not included in the array of $allowedposttags in kses.php

It can be included on line 299, as:

		'source' => array(
			'sizes' => true,
			'src' => true,
			'srcset' => true,
			'type' => true,
			'media' => true
		),

This is important because media's audio shortcode applies the src to the source element. The source element is optional, but in this case it is not. If it is excluded, the player will render but not play.

I am not sure how wide-spread this case is, but I encountered it where do_shortcode was being applied to the the_excerpt filter before kses was applied. So an audio shortcode was being clobbered in a case that does not normally happen. Nevertheless, it would seem that the source element is valid and should be included.

Attachments (1)

kses.php (51.8 KB) - added by 1000camels 16 months ago.
This is a proposed patched version of kses.php

Download all attachments as: .zip

Change History (3)

@1000camels
16 months ago

This is a proposed patched version of kses.php

#1 @peterwilsoncc
16 months ago

  • Keywords needs-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi @1000camels and welcome to trac.

Thanks for the ticket, ticket #29807 is already tracking adding picture and source to kses so I am going to close this as a duplicate.

There's a patch on the ticket already but some further work is needed to validate the srcset attribute. You're welcome to join the existing discussion.

For future reference, when suggesting changes it's best to upload a diff file rather than a full copy of the file to be modified. You can read the handbook for instructions on how to generate one via git or svn.

#2 @SergeyBiryukov
16 months ago

  • Description modified (diff)
Note: See TracTickets for help on using tickets.